Attack Of The Rude Facebook Shoes
What should you tell your Facebook friends to do when their accounts are hijacked by rogue sites that spam their feeds or worse? Here are some steps they can take.
Maybe signing onto Facebook isn't quite as dramatic as discovering the slithery guardians of the Lost Ark at the bottom of the cinematic Well of Souls, but it's how I feel some days. "Shoes (groan), why did I have to be tagged in a picture of shoes?"
- Core Systems Modernization: Harnessing the Power of Rules-Based Policy Administration
- The Case for Outbound Content Management
- Strategy: Heading Off Advanced Social Engineering Attacks
- Strategy: How to Conduct an Effective IT Security Risk Assessment
For some odd reason, shoes are the common theme in a spam campaign that apparently has been going on for years, reflecting a longstanding problem with photo tagging spam on Facebook and presenting an inspiration to wannabe hackers. When I get that notification saying "John Smith tagged a photo of you on Facebook," and it links to a picture of shoes, what this really means is Mr. Smith has been hacked and will be confused when all his friends contact to complain about his foray into shoe sales advertisements.
[ Time to take a second look at G+? Read Guy Kawasaki: Google+ Is The Mac Of Social Networks. ]
Why shoes? Apparently, there is good money to be made advertising discount brands of fashion shoes. It's like every other spam campaign that makes you think, "How could anyone fall for that?" And yet, if you can reach enough people, you will reach a fair number of gullible sorts. I'd guess that when they place their orders, there's a better-than-even chance that they won't even get a pair of shoes; they'll just get their credit card numbers stolen.
It doesn't help that sometimes our friends (or Friends) really do abuse the Facebook photo tagging system, which was intended as a way for users who upload a photo to tag the people who appear in that photo. I fairly regularly get tagged by people who are trying to draw my attention to an image (for example, a scanned image of an event flyer), rather than tell me I am in the image. The first few times I got tagged in shoe photos, I thought these people were being obnoxious social marketers, not that they'd been hacked.
In one particularly embarrassing variation on the theme, the shoes are shown worn by people who appear to be engaging in sex acts--nothing blatant enough to trigger Facebook's porn filters, but highly suggestive. This version showed up in the feed from one city commission candidate I know who has either caught this same bug repeatedly or never quite managed to purge it from his computer or his account. And yes, I was tagged in the photo, although I'm pretty sure I didn't pose for it.